We would like to keep you up to date with the latest news from Digitalisation World by sending you push notifications.
Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
PlainID has published the findings of its CISO Zero Trust Insight survey. The study, which questioned 200 CISOs and CIOs, revealed that the majority of respondents are on the road to implementing a zero trust framework in an effort to increase their overall security risk posture. However, only 50% said that authorisation makes up their zero trust programme - potentially exposing their infrastructure to threat actors.
Robust security cannot begin without first implementing Authentication
Historically, a zero trust framework was focused on solving the challenges associated with authentication, end point and network access security. However, identity related breaches have increased exponentially, and the convergence of identity and access management with traditional security has accelerated the need for new technical capabilities for enterprise authorisation and access controls.
Authorisation is a broad and complex challenge requiring a solution that can provide a multitude of capabilities such as policy management, governance, control and policy enforcement across a disparate computing environment. Ultimately, to provide the most secure digital end user experience, authorisation policies must allow for risk-based decision making in real time. This extends the zero trust philosophy from time of authentication through to the final access point and target data set.
The survey results reflected that only 31% of respondents said they have sufficient visibility and control over authorisation policies intended to enforce appropriate data access. Additionally, 45% of respondents indicated a lack of sufficient technical resources as a challenge in optimising enterprise authorisation and access control. Essentially, organisations may have implemented a form of zero trust but they do not have the complete tool set or the on-staff expertise and knowledge to have true visibility and control of their network.
Building without the right expertise can create gaps in your security - Buy vs Build
Organisations are finding themselves building their own homegrown solutions, which can appear cost effective. However, this leaves gaps within the overall security posture if not developed, deployed, and maintained properly – resulting in higher operational costs and enterprise risk over time.
In response to the survey, 41% of respondents said they use homegrown solutions (OPA-based) to authorise identities. Moreover, 40% of respondents also said they use a homegrown solution (fully custom) to authorise identities. Without true zero trust, organisations run the risk of leaving gaps in their security infrastructure. Security must remain a fluid and ever-evolving technology as cyber adversaries will repeatedly re-strategise and evolve to breach organisations and when there is a will, there is a way. Next generation authorisation can be the differentiator between a headache for security teams and a full-blown breach. It is never a discussion of if but when hence why having homegrown solutions that are not built with the evolved threat landscape in mind and without the technical staff capable of maintaining, there may be a false layer of confidence that could lead to a betrayal of trust from partners and customers when their data is stolen.
As the demand for risk-based authorisation and identity aware security rises, the deficiencies of legacy homegrown authorisation engines are exposed. The demands from business stakeholders to keep pace with digital initiatives, while ensuring the highest levels of security and user experience, is driving change to adopt next generation enterprise authorisation solutions.
Security threats are a guarantee and are constantly evolving
Implementing an end to end zero trust architecture is a strategy that requires building a reference architecture that seeks to harden every threat vector possible. The next frontier is addressing the portion of the user journey post authentication, and beyond the borders of network access security. Next generation authorisation is poised to provide identity aware security at every layer of an enterprise computing infrastructure, while also providing central policy visibility, manageability, and policy governance.
“Zero trust must treat all identities as potential threats. While zero trust boosts higher levels of confidence, it's imperative to pair it with a comprehensive authorisation framework,” said Oren Ohayon Harel, CEO and co-founder of PlainID. “Enterprises today need continuous evaluation and validation across all tech stack interaction to mitigate data breach impacts”.
